User information of approximately 2,000 British Gas users were posted online recently, but the company said the information didn’t come from its systems, and that there was no breach. In an email the company didn’t say where the information had come from.
It also said crucial information, such as bank account or credit card information is safe. The company warned those whose usernames and passwords had been posted online.
In reply to a customer’s query about the incident British Gas Help posted on Twitter: “A small number of customer details briefly appeared online but our systems are secure. We’ve emailed those impacted”.
@OpportunityUW A small number of customer details briefly appeared online but our systems are secure. We’ve emailed those impacted. ^Anneka
— British Gas (@BritishGas) October 29, 2015
According to the BBC, the email the company said read: “I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk. As you’d expect, we encrypt and store this information securely.”
“From our investigations, we are confident that the information which appeared online did not come from British Gas.”
The information was posted on Pastebin, a service where large data dumps obtained through illegal means are usually seen. The Guardian speculates that, if they did not come from British Gas directly, they may have been pieced together from other data breaches, by testing for passwords which were re-used across multiple accounts, or they may have been uncovered as a result of a phishing campaign targeting British Gas customers.
Details will be sent to the Information Commissioner’s Office following the leak, British Gas said.